Lucene search
K

260 matches found

NVD
NVD
added 2024/02/06 9:15 a.m.17 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

5.5CVSS5.4AI score0.0049EPSS
Exploits0References5
Prion
Prion
added 2024/02/06 9:15 a.m.12 views

Null pointer dereference

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

1.7CVSS7.4AI score0.0049EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/06 9:15 a.m.8 views

UBUNTU-CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

5.5CVSS6.1AI score0.0049EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/06 8:26 a.m.58 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

5.5CVSS5.4AI score0.0049EPSS
Exploits0
Veracode
Veracode
added 2024/01/30 8:48 p.m.22 views

Heap-based Buffer Overflow

GNU coreutils is vulnerable to a heap overflow vulnerability. The vulnerability is due to improper handling of user-controlled data of multiple hundred bytes in length in the linebytessplit function, potentially leading to an application crash and denial of service...

5.5CVSS6.8AI score0.0049EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/12/28 9:16 p.m.14 views

GHSA-WPMX-564X-H2MH ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex - .. go ...

5.3CVSS5.3AI score0.00522EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/12/28 9:16 p.m.20 views

ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex - .. go ...

5.3CVSS7.2AI score0.00522EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/12/20 10:6 a.m.61 views

Path Traversal

org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...

7.5CVSS7.1AI score0.01345EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.13 views

PT-2023-32697

Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 affected versions not specified Description The issue allows unauthenticated users to overwrite any file accessible to the user who executes h2o.init, potentially resulting in a denial of service. Remote unauthenticated attackers c...

9.3CVSS7.4AI score0.00715EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2023/12/01 12:31 a.m.55 views

Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7.5AI score0.01345EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2023/11/30 10:15 p.m.13 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS0.01345EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 10:15 p.m.17 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS6.2AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/11/30 10:15 p.m.43 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS7.1AI score0.01345EPSS
Exploits0References2
Prion
Prion
added 2023/11/30 10:15 p.m.21 views

Path traversal

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

5CVSS7AI score0.01345EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 9:17 p.m.16 views

CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

6.7AI score0.01345EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/11/30 9:17 p.m.35 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS7.5AI score0.01345EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.30 views

Rocky Linux 8 : squid:4 (RLSA-2019:2593)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:2593 advisory. - An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decod...

8.8CVSS7.1AI score0.50454EPSS
Exploits0References3
OSV
OSV
added 2023/06/02 2:15 p.m.6 views

UBUNTU-CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8CVSS7.3AI score0.02061EPSS
Exploits2References6
NVD
NVD
added 2023/05/18 10:15 p.m.12 views

CVE-2023-28753

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

9.8CVSS9.7AI score0.01851EPSS
Exploits1References2
Prion
Prion
added 2023/05/18 10:15 p.m.9 views

Integer overflow

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

7.5CVSS9.6AI score0.01851EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder